# Semgrep SAST (Static Application Security Testing) for WordPress

I use this GitHub Action to security test our WordPress themes.

So what does the GitHub Action do?

It:
- [gets the code](#file-reusable-code-checkout-yml) (i.e. the themes) required by Composer
- scans that code using [Semgrep](https://semgrep.dev/)
- [uploads the security findings](#file-code-scan-yml-L84-L94) to GitHub Code Security: the scan writes a [SARIF](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning) file, which is then uploaded to Code Scanning
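The three steps above, written out as a single self-contained workflow. This is an added example, not the gist's own `code-scan.yml` or its reusable checkout workflow: it assumes the themes are Composer packages that land under `wp-content/themes`, uses the `p/php` registry rule pack, and installs Semgrep from PyPI on a plain `ubuntu-latest` runner (which already ships PHP and Composer). The `security-events: write` permission is what lets `upload-sarif` create Code Scanning alerts; without it the upload fails.

```yaml
name: Semgrep SAST

on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read          # needed by actions/checkout
  security-events: write  # needed by upload-sarif to write Code Scanning alerts

jobs:
  semgrep:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Assumption: the themes are Composer packages (composer/installers puts
      # wordpress-theme packages under wp-content/themes). Installing them is
      # what puts the PHP to be scanned on disk.
      - name: Install Composer dependencies (themes)
        run: composer install --no-dev --no-interaction --prefer-dist

      - name: Install Semgrep
        run: python3 -m pip install --upgrade semgrep

      # `semgrep scan` exits 0 even when it has findings (it only fails when
      # --error is passed), so the SARIF is always produced and uploaded, and
      # triage happens in Code Scanning rather than by breaking the build.
      - name: Semgrep scan
        run: >-
          semgrep scan
          --config p/php
          --sarif
          --output semgrep.sarif
          --exclude vendor
          wp-content/themes

      - name: Upload SARIF to GitHub Code Scanning
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: semgrep.sarif
          category: semgrep
```

If you would rather have findings fail the pull request as well as appear in Code Scanning, add `--error` to the scan step and keep `if: always()` on the upload so the SARIF is still published when the scan step fails.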